Directory traversal vulnerability in bin/configure in TWiki before 4.2.3, when a certain step in the installation guide is skipped, allows remote attackers to read arbitrary files via a query string containing a .. (dot dot) in the image variable, and execute arbitrary files via unspecified vectors.
Software | From | Fixed in |
---|---|---|
twiki / twiki | - | 4.2.2.x |
twiki / twiki | 4.0 | 4.0.x |
twiki / twiki | 4.0.0 | 4.0.0.x |
twiki / twiki | 4.0.1 | 4.0.1.x |
twiki / twiki | 4.0.2 | 4.0.2.x |
twiki / twiki | 4.0.3 | 4.0.3.x |
twiki / twiki | 4.0.4 | 4.0.4.x |
twiki / twiki | 4.0.5 | 4.0.5.x |
twiki / twiki | 4.1.0 | 4.1.0.x |
twiki / twiki | 4.1.1 | 4.1.1.x |
twiki / twiki | 4.1.2 | 4.1.2.x |
twiki / twiki | 4.2.0 | 4.2.0.x |
twiki / twiki | 4.2.1 | 4.2.1.x |